Motion To Quash Against Copyright Troll Explains How IP Address Does Not ID User

from the will-it-work? dept

That Anonymous Coward alerts us to a recently filed "motion to quash" (pdf) one of the many subpoenas that copyright troll lawyer John Steele has been trying to get courts to issue. After running into trouble convincing judges in his home state of Illinois, it appears that Steele has branched out. This latest involves a lawsuit filed in the Northern District of California, where (unfortunately) Magistrate Judge Howard Lloyd went ahead and allowed early discovery and the issuance of subpoenas. While this is standard in many cases, more and more courts have begun realizing it is not appropriate in these copyright trolling cases where the sole purpose is to identify users to try to pressure them into settling.

While there have certainly been many motions to quash, this one made some particularly good points that seemed worth highlighting. First, it explains that IP addresses are not like fingerprints and do not identify a user (my emphasis):

The Third Degree Films complaint and ex parte request for expedited discovery form yet another in a wave of suits in which copyright infringement plaintiffs seek to “tag” a defendant based solely on an IP address. However, an IP address is not equivalent to a person or entity. It is not a fingerprint or DNA evidence – indeed, far from it. In a remarkably similar case in which an adult entertainment content producer also sought expedited discovery to learn the identity of persons associated with IP addresses, United States District Judge Harold Baker of the Central District of Illinois denied a motion for expedited discovery and reconsideration, holding that, “IP subscribers are not necessarily copyright infringers…The infringer might be the subscriber, someone in the subscriber’s household, a visitor with her laptop, a neighbor, or someone parked on the street at any given moment.” Order of Apr. 29, 2011, VPR Internationale v. DOES 1-1017, No. 2:11-cv-02068 (Central District of Illinois) (Judge Harold A. Baker) [hereinafter VPR Internationale Order], attached hereto as Exhibit C. The point so aptly made by Judge Baker is that there may or may not be a correlation between the individual subscriber, the IP address, and the infringing activity. Id. The risk of false identification by ISPs based on internet protocol addresses is vividly illustrated by Judge Baker when he describes a raid by federal agents on a home allegedly linked to downloaded child pornography. The identity and location of the subscriber were provided by the ISP (in the same fashion as Plaintiff seeks to extract such information from Wide Open West.) After the raid revealed no pornography on the family computers, federal agents eventually learned they raided the wrong home. The downloads of pornographic material were traced to a neighbor who had used multiple IP subscribers’ Wi-Fi connections. Id. This risk of false identification and false accusations through disclosure of identities of internet subscribers is also presented here. Given the nature of the allegations and the material in question, should this Court force Wide Open West to turn over the requested information, DOE No. 605 would suffer a reputational injury.

Separately, it notes that those using these tactics are using high pressure efforts to get people to pay up to settle:

If the mere act of having an internet address can link a subscriber to copyright infringement suits, internet subscribers such as DOE No. 605 will face untold reputational injury, harassment, and embarrassment. The reputational risk that Judge Baker found to be an undue burden is equally presented here: “[W]hether you’re guilty or not, you look like a suspect.” Id. at 3. Moreover, this case presents the same extortion risk that so concerned Judge Baker:

“Could expedited discovery be used to wrest quick settlements,
even from people who have done nothing wrong? The
embarrassment of public exposure might be too great, the legal
system too daunting and expensive, for some to ask whether VPR
has competent evidence to prove its case.”

Id. Discovery is not a game. Yet, plaintiffs in these types of cases use discovery to extort settlements from anonymous defendants who wish to avoid the embarrassment of being publicly associated with this type of allegation. Id. Such abuse of the discovery process cannot be allowed to continue.

From there, it argues that since an IP address does not identify the user, the subpoena itself is invalid:

Additionally, this subpoena should not have been issued in the first place because the information sought is not relevant to Plaintiff’s allegations. Implicit in the rule granting subpoena power is a requirement that the subpoena seeks relevant information. See Syposs v. United States, 181 F.R.D. 224, 226 (W.D.N.Y. 1998)(“the reach of a subpoena issued pursuant to [FED. R. CIV. P. 45] is subject to the general relevancy standard applicable to discovery under [FED. R. CIV. P. 26(b)(1)].”). The information linked to an IP address cannot give you the identity of the infringer. VPR Internationale Order, at 2. Because the infringer could have been anybody with a laptop passing within range of the router, the information sought by Plaintiff is not relevant to the allegations in any way. Id. Moreover, even if the information has some small amount of relevance to the claim—which it does not—discovery requests cannot be granted if the quantum of relevance is outweighed by the quantum of burden to the defendant. FED. R. CIV. P. 26(b)(2)(C)(iii). Plaintiff’s request fails that balancing test. Given that DOE No. 605 was only one of many persons who could have used the IP address in question, the quantum of relevance is miniscule at best. However, as discussed above, the burden to DOE No. 605 is severe. The lack of relevance on the one hand, measured against the severe burden of risking a significant reputational injury on the other, means that this subpoena fails the Rule 26 balancing test. Id. Plaintiff’s request for information is an unjustified fishing expedition that will cause reputational injury, prejudice, and undue burden to DOE No. 605 if allowed to proceed. Good cause exists to quash the subpoena served on Wide Open West to compel the disclosure of the name, address, telephone number and e-mail address of DOE No. 605."

Nice to see more people fighting back against obvious fishing expeditions. Hopefully more judges start realizing what these kinds of requests are really about.

Re:

"Id." is short for "idem," which means "the same" in Latin. It's used in law the same way "ibid." (short for "ibidem," which also means "the same" or "the same place" in Latin) is used in other academic writing. It's a citation shorthand that means the exact same citation that was used immediately before is being used again. So if I write a sentence and then put a citation at the end, and then my very next sentence uses the same citation, I put "Id." instead of putting the whole citation again as a shorthand. http://en.wikipedia.org/wiki/Idem

Re:

And they STILL miss the much bigger point

As I've noted here repeatedly over the years, there are a couple hundred million zombies plugged into the Internet. (Others have cited higher estimates, and they may well be right, but I think 200M is a reasonable minimum number.)

NOTHING that those systems do can be definitively laid at the feet of their (former) (putative) owners, because those computers really do not belong to the people on whose desks or laps they rest. Not any more. Those computers belong to their new owners, who are the botmasters controlling them.

And the new owners use them to phish, to harvest email addresses, to spam, to conduct DoS attacks, to host illicit content, to crack passwords, to do anything they want.

And there is absolutely no way for an external observer, watching the traffic in/out of that system, to discern which of it is associated with the old owner and which with the new. Astute guesses can be made: rolex spam is probably from the botmaster, POP requests to the relevant ISPs mail server the former owner. But these are still just guesses, and thus should not be admitted into evidence. And -- as botnet operators have become more crafty, they've also got much better at hiding their handiwork in "normal" traffic.

The only way to associate traffic with a user is to watch them type it/click it. (And even that is starting to become suspect as a methodology -- like I said, botnet operators have gotten crafty.)

TL;DR: there is a profound disconnect between "what X's computer did" and "what X did".

Re: And they STILL miss the much bigger point

"And there is absolutely no way for an external observer, watching the traffic in/out of that system, to discern which of it is associated with the old owner and which with the new."

While I found your post insightful, someone at the ISP, for example, could discern that there is traffic going to and from the botmaster and the victim. The RIAA, from the outside, however, might not be able to.

Re: Re: And they STILL miss the much bigger point

Re: Re: And they STILL miss the much bigger point

That used to be true -- sufficiently well-positioned, sufficiently clueful dissection of the traffic would sometimes yield pretty useful clues as to what was going on.

But not any more. Botmasters are using encryption, tunneling, low-bandwidth/spread-spectrum techniques and the only way to really see what's going on is to instrument the system (say, by running it in a VM and looking at it with forensic tools from the outside). And that's not easy -- still doable, just technically challenging.

But we're not anywhere close to that in this case or the ones like it: plaintiffs continue to make the assumption that "traffic to/from your IP address" is completely equivalent to "traffic to/from you"...and it's not true.

Re: Re: Re: And they STILL miss the much bigger point

Re: And they STILL miss the much bigger point

Rich, the disconnect isn't totally relevant here because we are not talking a criminal case, but a civil one.

Further, the question is always the same: Is the user liable for what happens on their connection, due to their computer being hacked, broken into, or failing to install and maintain proper anti-virus software?

The number of zombies online is greatly overstated, and for the most part these days are concentrated in countries with high software piracy rates - you know, the people who can't get windows updates, run systems with known security flaws, don't use anti-virus at all, and download anything and everything they can get their hands on without checking it.

The US infection rate for bots is somewhere around 1-2%, which puts it on par with many other criminal activities. At worst, there is a 1 in 50 chance that a given user has a bot on their machine. It is something that could clearly be determined when the machine(s) in question are seized as evidence and inspected.

All of which is part of a defence, but only comes after admitting that yes, you are the user at that IP at that given time. Then the rest of the case can move from there.

Re: Re: And they STILL miss the much bigger point

I'll sharply disagree with you on the number of zombies worldwide, but this is of course just a question of your estimate vs. mine vs. every else's. The true number is not only unknown, but unknowable, since (a) any zombie that does nothing to make its presence known will likely remain undetected indefinitely (b) even if it DOES do something, if that something isn't noticed, it'll still remain undetected indefinitely (c) the "somethings" are getting more subtle and harder to recognize all the time and (d) we've known for years that large numbers of them are kept in reserve.

That said, three of us with significant experience in the field came up with a consensus estimate several years ago based on very large-scale observations; at that point, we concurred that 100M was in the ballpark. In the intervening time, nothing has happened to indicate any decrease in that number, and a lot of things have happened to indicate a significant increase. (Consider: it is now fairly routine to hear reports of busts of botnets with 10M members. Surely those are not unique, and surely they're not the largest, and surely they're not the most competently-operated...since the latter won't be busted.)

Note that shortly after we made our estimate, Vint Cerf of Google made his: http://arstechnica.com/old/content/2007/01/8707.ars cites him as estimating that 150M out of 600M connected systems were members of botnets. That's 4.5 years ago, and in the interim, we've connected a LOT of new systems to the 'net, including smartphones, tablets, etc. So my view (as of summer 2011) is that any estimate under 100M is ludicrous and may be instantly discarded. Higher estimates vary, of course, but I think 200M is certainly "plausible", but would not reject (let's say) 150M or 300M, both of which are also possible.

And I think -- whatever the number is -- it's important to note that it's monotonically increasing, and that it will apparently continue to monotonically increase because nothing has been done to make it do something else. So if there are -- for the sake of argument -- 183M zombies today, then a year from now there will be 184M or 201M or 193M -- not 170M.

All that said, it's not clear to me who, in a civil case, is liable. For example, I would say "Microsoft, for shipping an operating system that's pre-compromised at the factory and unfit for any purpose". Others would blame the lack of anti-virus software, others would blame poor computer skills/habits, etc. I think there's a lot of debate here, both on a technical level and on a legal level. But I do think that plaintiff should be required to establish at least a reasonable likelihood that defendant did X, Y and Z -- and I think that in the present environment, even clinching, forensically-verified proof that the defendant's computer did X, Y and Z doesn't mean the defendant did it.

(Let me toss in an aside that many forensic examinations are awful. Note that last week here on TD we were reading about how the FBI was baffled by a dual-boot system. And remember the Julie Amero case, also discussed here repeatedly? That poor woman had her life destroyed by malicious prosecutors, ignorant police, and incompetent IT people.)

Where I will agree with you is that the statistical distribution of zombies has changed over the years. Botnet operators of course prefer control over systems with substantial CPU/memory/disk, and with adequate bandwidth. As the Internet has become more prevalent around the world, and as computer costs have dropped, there are more systems with more bandwidth available in more places. So whereas a 1995 botnet might have had most of its members in the US, Australia, and western Europe, today's botnets may have members in Vietnam, Peru, Romania, and Egypt. This may well overlap with bootlegged/unpatched software, but there's no way (that I know of) to measure that correlation based on what's in the packets.

Your numbers would be plausible if we straight lined previous numbers, but that isn't the case. Just the introduction of Windows 7 has, especially in the western world. changed the number of bot nets and such going on.

A quick story: I get a call the other day from "your internet provider" pointing out that I have a problem with my "windows computer". Turns out it's a scam from India to try to get you to allow a remote desktop access so they can install malware, under the guise of being your ISP. Stuff like this happens only because other infection paths are becoming too difficult. They are going for a direct method that requires tons of man hours, tons of effort, and tons of human engineering to get it done, all to get past the improved security of most computers these days.

As for distribution, countries such as Brazil have high botnet infection rates, as does mainland China, Thailand, Vietnam, and not surprisingly Spain. All countries that are incredible tolerate of piracy (or encourage it), and still have tons of people running Windows 98 or Windows XP, pre SP2. Those machines can be infected so easily, even Nicedoggy could do it.

Next time you are poking around, look at the connections into your mail servers, and see where the spam mail is actually coming from (don't both with headers, actually look at server logs). You will then know pretty much what is bot net, and what is not.

Re: Re: Re: Re: And they STILL miss the much bigger point

Quote:

As for distribution, countries such as Brazil have high botnet infection rates, as does mainland China, Thailand, Vietnam, and not surprisingly Spain. All countries that are incredible tolerate of piracy (or encourage it), and still have tons of people running Windows 98 or Windows XP, pre SP2. Those machines can be infected so easily, even Nicedoggy could do it.

I challenge that.

Quote:

You may be interested to know that global warming, earthquakes, hurricanes, and other natural disasters are a direct effect of the shrinking numbers of Pirates since the 1800s. For your interest, I have included a graph of the approximate number of pirates versus the average global temperature over the last 200 years. As you can see, there is a statistically significant inverse relationship between pirates and global temperature.

Re: Re: Re: Re: Re: And they STILL miss the much bigger point

While the US is number 1 in this report, it was mostly about Rustock, which has been killed off. You will notice when you start looking down at the bot numbers, Brazil is nubmer 1. Considering how small some of these countries are, they have incredibly high rates of infection per 1000 users.

The rest of your post makes absolutely no sense. Is this something you are preparing for your grade 10 english test?

Re: Re: Re: Re: Re: Re: Re: And they STILL miss the much bigger point

Umm, I wasn't trying to claim any correlation. In fact, I am saying there is probably none.

But high infestion rates are often found in countries with high piracy rates. The most common source is unpatched windows XP installs, which is usually a sign of someone using a copy that has been blocked from getting updates.

Re: Re: Re: Re: Re: Re: Re: And they STILL miss the much bigger point

Re: Re: Re: Re: And they STILL miss the much bigger point

You make some (partially) good points, but unfortunately you paint a far better picture than reality and decades of spam history support. Let me -- briefly -- address each of these.

1. Windows is still Windows -- a markedly inferior operating system both in design and implementation. (As are the associated applications.) Windows 7 may be an improvement, and it appears to be so in some aspects, but it is still miserably insecure and routinely breached. It is worth noting that not even Microsoft, who wrote it and has essentially infinite personnel and financial resources, has been able to do so.

2. Anti-virus software is worthless pablum. It's a greedy attempt to exploit the people who purchase and operate inferior operating systems. Those who choose their operating systems properly do not NEED anti-virus because they run operating systems which are of sufficient quality. Those who choose their operating systems poorly are deluding themselves if they think anti-virus will save them.

3. The shift to webmail has diminished the use of some propagation vectors; it's brought new ones. Surely you are aware that some major webmail providers, such as Yahoo and Hotmail, are riddled with security holes, are utterly incompetent at stopping inbound or outbound spam, phishing, and exploits?

4. Yes, some browers are better, although IE is still a worthless piece of shit that nobody should use. What has also helped is the deployment of browser add-ons such as NoScript. If we were really serious about security those wouldn't be add-ons but would be built-in to every browser. Of course the idiot web designers who cook up sites whose home pages won't even display without scripting would be appalled, but they are disposable.

5. The shutdown of a botnet is of no importance whatsoever. It merely provides an opportunity for Microsoft et.al. to beat their chest and lie about what a great victory they've achieved...when in fact they've accomplished nothing. Of course all the zombies that are part of that botnet are still fully-compromised, they still have the security holes, they still have the same careless, clueless users, they still have the same inferior operating system, they still have the same crappy applications. And so, soon enough, they will be part of another botnet.

As to the connections into my mail servers, if you will review the archives of spam-l from the better part of a decade ago, you'll find that I was one of the (several) people using not only connecting DNS/rDNS information, but passive OS fingerprinting to identify their OS. I'm not only familiar with these techniques, I invented, or co-invented, some of them. I am (painfully) well aware of what the landscape out there looks like, and thus equally-painfully well aware that the situation continues to get worse.

And therefore I dismiss, with prejudice, any suggestion that the number of zombies is getting smaller. Not only is there absolutely no reason for that to happen, but (close to) a decade's worth of data says precisely the opposite.

Re: Re: Re: And they STILL miss the much bigger point

While this is standard in many cases, more and more courts have begun realizing it is not appropriate in these copyright trolling cases where the sole purpose is to identify users to try to pressure them into settling.

Re:

not many yet, but something like 23000 Does were dumped from a fishing trip in DC.
There is a Judge in Illinois who promised to kick every single one of Steele's case's assigned to him. Hes quoted in the motion.

All of this stuff is the old SODDI defence, the "some other dude did it" that rarely flies. It has become the "two black youths" of the online age.

In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn't really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it's use.

Re: Re:

DH, are you dense? Can't you read? Any number of cases regarding long distance phone charges, 900 line charges, etc. You can go look for caselaw it if you want.

Remember too: We are talking civil lawsuits, not criminal cases. While the motion suggests that IP isn't enough to pinpoint an individual user, it is certainly enough to determine the connection used, the location of that connection, who is responsible for that connection, and creates the old "preponderance of evidence" that the user assigned to that IP is responsible for what is happening on that connection during the time they are logged on.

It's the funny part here, we aren't talking "beyond a reasonable doubt". The motion MIGHT, MAYBE past muster if it was a criminal case, and even then, unlikely (see phone charge lawsuits). In a civil case, it's a slam dunk admission from the defendant that the IP address is theirs, that they were logged on at the time, but they are suggesting someone else might have used it. It's unlikely to fly in a civil case.

As for your comment, your reply is a little lacking in imagination and depth. On the irony scale, you win!

Re: Re: Re:

I think some people don't realize that the IP address is used to identify the subscriber, and then from there the copyright holder can gather more evidence to see if the subscriber is his man. There's two good criticisms of this though.

First of all, the subscriber (of course) gets immediately sent a settlement offer agreement. Pay us now and we'll forget the whole thing. While settlements are quite common, the practice of nuisance suits is discouraged, and rightfully so. The last things these plaintiffs appear to want to do is actually go through with a costly trial. Sure, there might be an example or two made of some unlucky souls, but in the end these are nuisance suits, plain and simple.

Second of all, it's my understanding that just having an IP address and evidence that someone used it to infringe is prima facie evidence of infringement. Unrebutted, the plaintiff wins. I think that given the number of unprotected or public wifi connections that exist, there's a strong possibility that the subscriber didn't actually "do it." Given this, I think the plaintiff should have to produce more evidence to satisfy his burden.

Re: Re: Re: Re:

You almost got it, until you hit the " I think that given the number of unprotected or public wifi connections that exist, there's a strong possibility that the subscriber didn't actually "do it." ".

In a civil suit, they don't have to prove absolutely that the subscriber did it. They only have to show a preponderance of evidence. OJ was not guilty of murder (criminal) but clearly liable in civil court. The standards are much lower.

The plaintiff shows that this IP was assign to this user at this time, this user is the subscriber, and has the needed equipment (computer) to have pirated the material. That would appear to be more than enough to satisfy the burden of showing that something happened, happened there, and happened with this subscriber, who is able to do the work (ie, the IP address isn't a printer or a DNS server).

The subscriber would then have to show that someone else did it. "could have done it" might be okay in a criminal case, as it might create reasonable doubt, but in a civil case, reasonable doubt isn't enough. The burder for the plaintiff is way lower here, and appears to be easily met by normal means, regardless of what all else comes up.

Re: Re: Re: Re: Re: Re:

Not "guilty until proven innocent" at all. The plaintiff comes with IP address, time, etc, and the ISP provides the user information. So far, we have a whole lot of proof, more than enough at that point to meet the old preponderance standard. There is no "guilty until proven innocent" here, we are working with actual evidence, not just someone's imagination.

Re: Re: Re: Re: Re: Re: Re: Re: Re:

Re: Re: Re: Re: Re: Re: Re:

The standards are lower in civil court, not non-existant.

Although at least in this instance, the standards are so low as to be equivalent to nonexistent.

Tying an IP address to a particular machine at a particular time doesn't even come close to identifying the person doing the deed. Botnets are rampant, and strangers using other people's wifi is extremely common even when the wifi is properly locked down (it's easy enough to hack into a wifi hotspot, even WPA protected -- that amateurs can and do accomplish it by using readily available software).

An IP address is proof, at best, only that that connection was used for that purpose. It indicates almost exactly nothing about the person who was using it.

Re: Re: Re: Re: Re: Re: Re:

Actually you are only working with circumstantial evidence that might or might not have been contemporaneous, and most definitely is not Direct Evidence in any way shape or form.

Because of this the onus of proof should not be on the respondent(s) to prove that the plaintiffs circumstantial, and in a lot of cases anecdotal, evidence is false.

This is why court upon court in numerous forums and jurisdictions have all stated that an IP address and a time do not create enough preponderance to identify a specific individual for anything other than they might know of something.

And lets not get into the very argumentative discussion on whether the plaintiff(s) evidence is actually able to be authenticated by an unbiased party. Most Plaintiff(s) in these actions are fighting tooth and nail to stop the authentication being analysed in discovery since it has been proven it is open to false positives, tampering, and downright fraud and is very much adverse interference on the part of some plaintiff(s).

But hey what do I know, other than dealing with this sort of evidence, investigation, and legalities every day.

Re: Re: Re: Re: Re: Re: Re:

Please quit telling such lies. The ISP may provide the identity of the account holder, but likely have no idea who the user was.

So far, we have a whole lot of proof, more than enough at that point to meet the old preponderance standard.

Not even. Considering the number of people it often *could* be, the odds are *way* lower than even "probable" that the correct person has been identified. Why do you tell so many lies? Does copyright make you do it? If so, we need to get rid of copyright.

Re: Re: Re: Re: Re: Re:

If you are aware that your password got out, wouldn't you change it? Failing to change it after you know it has been broken would be pretty ignorant, wouldn't it?

All the data dumps in the world don't really matter anyway, because we are talking a very specific combination of user, location, ISP, etc. Are you so entirely ignorant of how the internet works to think that you can use and username and password at any internet connection and get service? Are you cracked?

Re: Re: Re: Re: Re: Re: Re:

...because we are talking a very specific combination of user, location, ISP, etc.

"location" was added to troll's mantra only recently. Until they were pushed to the wall they tried to convince courts that it was impossible to deduct location from IP. Now some of them are pushing very bizarre conspiracy claims to overcome basic jurisdiction questions. All these games are nauseous and don't add to credibility of these "specifics".

Re: Re: Re: Re: Re: Re: Re:

Quote:

All the data dumps in the world don't really matter anyway, because we are talking a very specific combination of user, location, ISP, etc. Are you so entirely ignorant of how the internet works to think that you can use and username and password at any internet connection and get service? Are you cracked?

Now I know you are IT ignorant LoL

What do you think, people who are part of a botnet know they are part of one and don't try to do nothing about it?

Even the government had intrusions that lasted years now and you want to say that somehow normal people with no resources and no knowledge should be able to detect and do something about it when those things happen?

Re: Re: Re: Re: Re: Re: Re:

Quote:

All the data dumps in the world don't really matter anyway, because we are talking a very specific combination of user, location, ISP, etc. Are you so entirely ignorant of how the internet works to think that you can use and username and password at any internet connection and get service? Are you cracked?

Also you do understand that if I put a backdoor on someones system I own that box right, it doesn't matter where it is, what password it has, I will be the one in control, the same goes for routers that people think of as not being computers but can be hacked just the same, so your PC could be all clean but your router could have been compromised and its now owned by somebody else.

Re: Re: Re: Re: Re: Re: Re:

Re: Re: Re:

You see maybe Anonymous is doing the wrong thing, maybe they should start to create massive botnets that will download illegal stuff from well known honey pots to get caught to prove just how stupid that view is.

Re: Re: Re: Re: Re: Re: Re:

Re: Re: Re:

"DH, are you dense? Can't you read? Any number of cases regarding long distance phone charges, 900 line charges, etc. You can go look for caselaw it if you want."

Right, but all of that is only relevant to your SUPPOSITION, that internet connections aren't much different than telephone lines.

"Remember too: We are talking civil lawsuits, not criminal cases. While the motion suggests that IP isn't enough to pinpoint an individual user, it is certainly enough to determine the connection used, the location of that connection, who is responsible for that connection, and creates the old "preponderance of evidence" that the user assigned to that IP is responsible for what is happening on that connection during the time they are logged on."

That's fair, though debatable. Certainly it isn't a "fact" as you'd stated. You've got a fairly hefty debate occurring over how responsible people should actually be for IP Addresses, with things like open WiFi and spoofing to be considered. This story actually hilights that such a debate is occurring. Those aren't facts, this is all opinion.

"In a civil case, it's a slam dunk admission from the defendant that the IP address is theirs, that they were logged on at the time, but they are suggesting someone else might have used it. It's unlikely to fly in a civil case."

All fair speculation. But that's what it is: speculation.

Look, partner, you're allowed to have an opinion. It's fine. But to make some broad statement about how everyone should see the facts here w/o actually presenting any FACTS is just silly. So just say it's your opinion.

"As for your comment, your reply is a little lacking in imagination and depth. On the irony scale, you win!"

Re: Re: Re: Re: Re:

Well, here's one such instance, specifically relating to the court saying an IP address does not equal a user for a civil court filing. I'm there are rulings in your favor as well. That's the point: this is currently in debate, not settled....

Re: Re: Re: Re: Re:

Since you asked so nicelly here.

Quote:

“[T]he Copyright Act does not expressly render anyone liable for infringement committed by another (in contrast to the Patent Act).”[22] An account holder cannot be held liable simply by the fact that her Internet access was identified in connection with the alleged infringing download. This being so, where a Doe defendant had neither intent nor knowledge of the passage of the infringing material, through her Internet access, no liability can attach to her merely as the account holder of such Internet access[23]. This holds true regardless of whether the unlawful conduct is alleged to have been copying or reproduction. With regard to file sharing, such lack of intent or knowledge is even more persuasive if the alleged conduct is said to be unauthorized distribution.[24] One cannot distribute what one does not possess.

Re: Re: Re: Re: Re: Re: Re:

Re: Re: Re: Re: Re:

Also have those people not broken the law by tracing and registering signaling information that was private, without a court order?

Quote:

Title III prohibits the use of pen register and/or trap and trace devices to record dialing, routing, addressing, and signaling information used in the process of transmitting wire or electronic communications without a court order.

Re: Re: Re:

In what bizarro world can you claim that there is a preponderance of evidence enough to pick Me, as opposed to the 5-10 others who use my Internet connection daily, as the person who infringed on a specific copyright? You'd have far better odds of calling the correct flip of a coin than you would at picking the right person to accuse by my IP address. That is a fuck of a long way from a preponderance.

Re: Re: Re: Re:

In what bizarro world can you claim that there is a preponderance of evidence enough to pick Me, as opposed to the 5-10 others who use my Internet connection daily, as the person who infringed on a specific copyright?

Re:

All of this stuff is the old SODDI defence, the "some other dude did it" that rarely flies. It has become the "two black youths" of the online age.

In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn't really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it's use.

It's a great motion, but it ignores basic facts.

I agree that there's good reason to allow discovery to commence against the subscriber of the IP address (and lots of caselaw to back it up), so I don't have a problem with these subpoenas, but I'm curious about your last remark. How is it that the subscriber is necessarily "legally on the hook for its use"?

Re: Re:

You said: "How is it that the subscriber is necessarily "legally on the hook for its use"?"

Me: Well, there is a bunch of ways that you get to the same thing, but the easiest is contractual. Almost every ISP has a contract, a terms of service, that includes boilerplate style:

"You are solely responsible for all access to and use of the Service through your Account, including any breach of the Service Agreement, by you or any user of your Account. If you do not wish to be bound by the terms and conditions of this Service Agreement, and pay the fees, charges, taxes and expenses associated with the Service, you may not access or use the Service."

Right away, contractually the end user is responsible for the connection. That contract puts the connection in the sole control of that customer.

It isn't any different from phone bills, gas bills, electric bills, etc. None of these allow for a "SODDI" defence, unless you can show the "SODDI" in question, say by showing an illegal tap on your electrical line going to your neighbors house, or that someone has dug up and re-routed your gas line illegally.

The motion fails to show how a contracted service, limited by terms, assigned to a single customer for internet service is any different from any other utilities. It is clear in modern terms that internet service is no more and more less of a utility than any other monthly rate service for your home, and it creates a huge hill for these people to climb over to prove that somehow internet service is different from electricity or phone service.

Example: Let's say you have a house, and on the outside you have a number of plugs (to use for your electic lawn mower, example). One of your neighbors starts a small grow op in his shed, and runs extensions over and takes as much power as he can without popping your circuit breakers. Unless you can show where the power went, you are pretty much on the hook for the increased power use. Even then, you would likely have to prove that you were not helping him out. Good luck with that.

So I think that while the motion is nicely detailed and all that, it ignored basic facts and precedents that exist in law from 100+ years of utility services, billing, and collections.

Re: Re: Re:

I meant to have this posted under this fools comments

In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn't really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it's us"

Really... Then i guess i should have been responsible and paid that 6,000 $ cell phone bill that came in once.( back in the old days when i had the moto flip phone brick) It was my phone and ESN.

I guess my mother should also be responsible when her long distance bill came in for 500.00 $ since it was her actual land line and she made the calls! ( Her long distance carrier was changed without her permission to some unheard of provider with all sorts of stupid charges on top of her calls)

Re: Re: Re: Re:

Adam, no, in both cases, it is easy to spot the "non-responsiblity", the changing of the long distance carrier (illegal act) and the cloning of your phone (which would show up as a second phone on the network in places you are not at).

Would you care to try again with actual examples that don't have other, clear ways of explaining them?

Re: Re: Re: Re: Re: Re:

Re: Re: Re: Re: Re:

Really? Easy to spot? They why did they let continue for two months? The system should have picked up two phones with the same ESN and stopped it. What if that person decided to phone murder or bomb threats. The SWAT team would smash down my door and haul me away. My phone my ESN. Same as MY IP and my modem.

Re: Re: Re: Re:

I guess my mother should also be responsible when her long distance bill came in for 500.00 $ since it was her actual land line and she made the calls! ( Her long distance carrier was changed without her permission to some unheard of provider with all sorts of stupid charges on top of her calls)

I once received a very large long distance bill from AT&T for calls to a bunch of places all over the world (mostly banks it turned out) during the day when I was at work. AT&T insisted that that the calls had been made on my phone and that I must pay up. Well, the only way those calls could have been made from my phone would have been by someone entering my apartment during the day with a key and making them. After many fruitless calls to AT&T, and them insisting that no mistake could have been possibly made, I finally told the AT&T person that I was about to call the police and report a break-in. About five minutes after I hung up AT&T called back and said that they had experienced an "equipment issue" and admitted that the calls had actually been made by some bank downtown and not even from my phone in the first place. They took the charges off, but only after I was about to get the police involved.

If AT&T can make that kind of mistake with a phone number, don't try to tell me that IP addresses can't be wrong too.

By terms put in most such "contracts", they all but own your soul, and can unilaterally change terms at any time.

In actuality, the only contract is the obvious common law terms: that I pay the ISP and their electronic equipment passes my data on through to the internet.

Legalistic corporatists rely on statute and "contract" law, but those don't supersede common law, nor in last resort, appealing to a jury on such basis. Lawyers profit from layering precedents and keeping the people ignorant, so even though you're "right" within weenie legalisms, you're WRONG in the court of public opinion.

Re: Re: Re:

You make a convincing *legal* case. However, you've totally come disconnected from the facts. Maybe the "IP subscriber" is indeed responsible, legally. And maybe, just maybe, hanging all the responsibilty on the "IP subscriber" will work out for Copyright Troll John Steele, and his clients, and they will make tons of money and provide what consumers want.

But the real issue here is do we as a society want this equation of "IP address" and identity? I'd argue "no". We as a whole don't want this, as it will cause more problems for more people, and it maybe solves a few problems for a few people.

In the end, what you've done is give us one more example of the legal system crawling inside itself, and coming unstuck from reality.

This is another objection to your legalisms, particularly: "Let's say you have a house, and on the outside you have a number of plugs (to use for your electic lawn mower, example). One of your neighbors starts a small grow op in his shed," -- No, by stealing your electricity, the neighbor has committed a crime for which you are in no degree responsible. You're trying to equate unable to prove innocence with guilt. It'll be a burden and risk, yes, you're right, but doesn't at all taint you if the truth can be made clear.

By your notions, if you rent a car and someone steals it, then you're liable for them running over children. - No, that's TWO crimes by someone else. See the difference?

Similarly, IF someone uses your internet connection without your knowledge or permission, then that's a crime in itself. A mere IP address doesn't make you guilty of whatever is done, then. That's the hurdle under discussion. Nor does the lack of technical expertise throw guilt back on. And always remmeber, people: we're entitled to a jury of our /peers/ not to a jury of weenies who owe allegiance to the legal guild, who depend on it for their income. So be sure that the first motion you ever file in ANY court case is for a jury trial -- even for a traffic ticket.

Reasonable people wouldn't conclude that everyone has to know every possible drawback to computer networking, when even experts in the field don't, even the engineers who build the equipment don't know every exploit, so ignorance IS a practicable defense for this. Not that I'd want to get to that point.

First, if you cannot prove your neighbor stole the power, who can you prove you aren't responsible for it? Think about it for a second. Did you file a police report? Did you report the theft? Or is it just "you think he did it"?

Rental cars? Well, it depends on where you rent it, and what you may have done that caused it to be stolen (like leaving the keys in it, example). Vicarious liability is a nasty thing, you could be found 1% liable, but being the only defendant with money, you could end up paying out the full amount. It's hard to say, and it isn't as cut and dry legally as you wish it was.

You said: " IF someone uses your internet connection without your knowledge or permission, then that's a crime in itself."

It depends. If you left your WiFi open for anyone to use, did they in fact commit a crime, or did you invite them in? As for guilt, you are again using the criminal standard, not the civil one. You are looking at absolutely proof, that is not required in a civil case, just the preponderance of evidence. While you can offer up some "maybe" or "perhaps", it is very hard to get away from the end user being the one paying the bills, maintaining the connection (modem, wifi, whatever), and having a computer more than capable of committing the piracy.

This is all of course without seizing any and all computers and equipment on premises as part of discovery to actually check them. We are only at the "can we bring a case against you" stage, and the bar at that point is even lower than a preponderance of evidence.

Besides that little fact there is the "Good faith" thingy. What judge would grant a subpoena to a guy who after that contacts directly the accused and ask money from that person and never brings lawsuits?

Besides that little fact there is the "Good faith" thingy. What judge would grant a subpoena to a guy who after that contacts directly the accused and ask money from that person and never brings lawsuits?

The guy is just being nice in allowing them to settle. They don't have to if they don't want to.

Re: Re: Re:

Right away, contractually the end user is responsible for the connection. That contract puts the connection in the sole control of that customer.

Contractually they're responsible to the party they contracted with, i.e., their internet provider. How does that necessarily make them responsible to third parties though?

...it creates a huge hill for these people to climb over to prove that somehow internet service is different from electricity or phone service

But it is different, since I don't loan out my electricity or home phone to the world like I could if I leave my wifi open. Of course I'd be on the hook to the power company or the phone company for whatever bills I rack up, but that's different than being liable to some third party that I haven't contracted with.

Re: Re: Re: Re:

And let me give you a scenario that actually happened to me a couple of days ago. I got a new cable modem since my old one was shot. I called my ISP to give them the MAC so they could activate it. The tech asked me if I had a router. I told him I did, and then he told me to get a paperclip and push the "reset" button on the back of the router. I didn't do this because I knew there was no need to, but it got me thinking. If I had done as he asked, I would have reset my router, which has wifi, back to the factory settings, which is open wifi. So you've got wifi manufacturers supplying open wifi routers and ISPs telling their customers to open up their wifi. Whose fault is it then if the wifi is open? If we're going to lay the blame on the party who is mostly to blame, then I'm not so sure it's the subscriber with an open wifi. A lot of people just aren't technically savvy. My parents had an open wifi for two years before I realized it and locked it up. They had no idea what open wifi even means. If somebody hijacked their wifi and downloaded something, are they really to blame?

Re: Re: Re: Re: Re:

I don't think a tech would have asked you to reset the router configuration. It would be correct for him to ask you to reset (i.e reboot) the router. This would clear the routing table and, in particular, the arp table. I am guessing there was a miscommunication about what your router's reset button did. Then again, I have a habit of underestimating people's stupidity. Since the button was recessed, (done commonly for making the configuration reset harder) the tech guy is confused and you should complain to the ISP.

Re: Re: Re: Re: Re: Re:

Actually, in my experience on the other side of the phone, they are often told them must reset routers. The GOOD ones will not tell a customer to do that unless they find something else that makes it necessary, but it is listed within the processes.

Re: Re: Re:

Example: Let's say you have a house,...

Exactly. And let's say that the body of a dead person turns up in your front yard some morning. It's your yard, so unless you can prove that you didn't kill them, you're going to be responsible for it (at least civilly to the victim's family and maybe criminally too). So if you don't want to take that kind of chance you'd better build a tall fence around your front yard. If you don't and something like that happens and you get blamed for it then it's your own fault and you deserve whatever happens to you.

Re:

Can phones bills be hijacked by anybody remotely?
Botnets could transform 80% of the planet into criminals and people really didn't do anything they had their computers hijacked, and that is not even counting wardriving.

Not even the police can stop their computers from being compromised, not big companies that have millions to spend on security and you want people to be able to do it when most of then are in the 30K/per year income bracket?

Re: Re: Re: Re:

So I guess the Courts in Tennessee and elsewhere in the U.S. can start prepping up for all sorts of damages, since they failed to secure their networks and hackers have their passwords and can do a lot inside that system now.

Also PD's everywhere in the US had their systems compromised and could be prepared to be liable for all the confidential information that they let out.

Re: Re: Re: Re: Re:

Doggy, you need to get off that one. They got hacked, it happens, but smart people don't leave their passwords the same, throw up their hands, and just leave their networks open for other kids like you to come in.

Are you suggesting that after they were hacked that they did nothing to change passwords or secure their network? Are you truly that stupid?

Damn, I will be happy when we get to September and you have to go back to high school.

Re: Re: Re: Re: Re:

Maybe I’m emotionally (not factually) biased, but it is understandable given my predicament. Yet I still see much more common sense in arguments against negligence theory. Forget about the posts themselves – Randazza is an interested party, sure he uses all his skills in sophistry to maximize his profit. (And some trolls even resort to lies pushing this argument) I find discussions much more interesting – and the user nicknamed “Common Sense” had an upper hand by far in my opinion.

Re: Re: Re:

But your ISP connected that router to your network. And their techs even configured it for you. If the techs set up the router as open or WEP, is it your fault for running the insecure system provided by the ISP?

Re: Re:

To add to that: many times the ISPs themselves supply bloatware (or install on users' computers) as part of the ISP provisioning process. That software represents a significant downgrade of the security of the user's system.

So who should be held responsible for that? The user, because they signed up with Comcast for service, or Comcast, because they dropped a load of crap on the user's system, opening it up to all kinds of exploits that weren't previously available?

Re:

Re:

While I agree that SODDI is a shoddy defense, I have a feeling that such defense would never actually be used in trial because there would never actually *be* a trial. Remember, these mass subpoenas are not about uncovering who actually infringed on the copyright. It's a fishing expedition looking for a list of people to send settlement letters to.

Also, while you may be responsible for your Internet and phone connections when you give permission to others for its use, the risk of your neighbor hacking your wifi to infringe copyright is certainly much greater than the risk of your neighbor hacking your cordless phone and making long-distance calls with it. The vast majority of routers that come from ISPs do not ship with WPA enabled, and so users should not be held responsible for illegal access that was facilitated by faulty ISP security policies.

Re: Re:

The vast majority of routers that come from ISPs do not ship with WPA enabled, and so users should not be held responsible for illegal access that was facilitated by faulty ISP security policies.

Not to mention that having WPA enabled doesn't stop your wifi from being hacked. It does make it just a tiny bit harder (you have to intercept the traffic when someone legitimate connects, and your computer has to spend a half hour or so crunching numbers), but not so hard that script kiddies can't do it.

Re:

In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn't really and different from a phone

There is one really huge difference: with a telephone, you have a unique identifying number for the phone. With the internet, you don't (unless you are paying a premium for a dedicated IP address). You are assigned an arbitrary address that can be different every time you connect.

Re:

In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn't really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it's use.

Wrong wrong wrong, and this has been discussed previously.

Long distance calls made on your phone is a billing issue between you and your phone company. And its a near certainty that you signed or agreed to be held responsible for the billing costs of those calls when you got the service.

A copyright infringement claim is a legal issue between you and a third party copyright holder. I would consider it highly unlikely that you signed an agreement with the copyright holder to be held legally responsible for copyright infringement that occurred on an IP address that happened to be leased to you at the time of infringement.

If someone breaks into a house and calls in a bomb threat from the phone, I have no problems with the police using the subscribers information as a starting point for an investigation into the identity of who called it in.

Under the law, I don't have a legal argument against a copyright holder filing an individual infringement suit for discovery of additional evidence against an individual unknown holder if they have more than just "this IP address was detected sharing content" - and then using the subscriber info from the ISP for further evidence collection that they have the correct person who was sharing the content.

Re:

All of this stuff is the old SODDI defence, the "some other dude did it" that rarely flies.

Guilty until proven innocent, huh?

In the end, there is plenty of precedents regarding long distance bills on a home phone, example.

So you're claiming *that's* a precedence? Whoo hoo, what a load.

In the phone case the subscriber that has agreed with the service provider to be liable for charges for such calls made on his line regardless of who actually made the calls. The case is similar with electric providers who bill the account holder regardless of who actually flips the light switch.

However, that's not like the case case here at all. In the case here a third party, with whom the subscriber has no agreement, is trying to hold them responsible for something they didn't do. And you're trying to claim it's the same thing? Man, you copyright people are sure a bunch of obvious liars.

Re:

This is fishing from a third party.

I think -- though my eyes may have glazed over -- that a significant point was missed -- because anything regarding computers is always assumed to be perfect, particularly by those least familiar with OS details: the records of the ISPs must be certified beyond any reasonable doubt (and that applies to civil cases too).

If the sole link between charges and persons is an IP address then it must be nailed down beyond doubt. I wouldn't consider anything less than real-time monitoring records (of actual copying or whatever) backed up by testimony of person who watched the info tap. Note that puts a high burden on plaintiff to pay up front for such monitoring, and that doesn't bother me. Otherwise, all you've got is a piece of paper with a number on it.

If the present low standard continues without questioning its relibility, then an inside person at an ISP could easily phony up records to convict anyone of almost anything on the net. I mention that only because within the realm of possible greed and perfidy, and will surely occur to someone else soon, particularly those in gov't.

Re: Re: This is fishing from a third party.

"In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn't really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it's us"

Really... Then i guess i should have been responsible and paid that 6,000 $ cell phone bill that came in once.( back in the old days when i had the moto flip phone brick) It was my phone and ESN.

I guess my mother should also be responsible when her long distance bill came in for 500.00 $ since it was her actual land line and she made the calls! ( Her long distance carrier was changed without her permission to some unheard of provider with all sorts of stupid charges on top of her calls)

What amuses me is how delusional these trolls are. When they fight in court with another lawyer, that’s a game with around 50-50 chance to win. So they project their inflated self-esteem to the general public, but to think that they are smarter than every defendant is kind of statistical idiotism. Out of thousands they sue at least few are much-much smarter, or powerful. That alone makes their scheme is doomed in the long run.

I don’t say than I’m smarter than my house troll Gill Sperlein, but being an irrational person, I refused to pay ransom, though based on pure math it was the easiest way out (at least how felt at that time). Well, I’m not too irrational, put it in this way: I’m not rational at expense of dignity. I believe that I damaged his extortion enterprise to some extent.

Re:

The main reason they keep going is it is very rare they ever give anyone the chance to get them into a courtroom.

This is a numbers game, and to influence the numbers in your favor you steal copy from other people in the game to put on your website, and you talk publicly about the large "wins" you and others have gotten in these sorts of things. Mind you those cases are often exaggerated for the sake of the hype.

They put all of this out there so if you look into the specific troll that has you targeted you see all of this talk about how they crushed people here and there, and stories covering how wonderful they are at what they do.

The best example for me was a Dallas(? i forget) "news magazine" that wrote an amazing puff piece about Evan Stone. I took the writer to task directly about Stone facing sanctions for the fake subpoenas he sent out in violation of a court order... they killed those comments.
So what was left was a story about how he had his sights on some kids mom, who had admitted she did it and then on "bad advice" backed out of the payment agreement so he was taking the minor to court. And to add to this kids terror the newspaper called him to get "his side" of the story for the hatchet piece. They ignored Stone lifting the logo of the East India Company... it is sort of schizophrenic. Showing him as this awesome defender of copyright, who copied something belonging to someone else...

Having read the whole filing... I think it is a masterwork.
But then that could be why I submitted it.
I'm glad Mike liked it to.

My comments from where I originally came across the filing. This will also confirm to my own personal copyright troll I am who he thought I am, still confused... ask brice.

I LIKE THIS GUY!

He specifically introduced comments from one of the Judges who told Steele he would throw out every single one of the cases he tries to file from now on.
It points out the obvious that an IP address does not get you the infringer, and that the allegation is damaging to the people named and continues to be damaging if proven to be mistaken.

The #1 is very good... it points out in plain language that for all of the things they brought to court, none of them connect the does directly to infringing.
You can connect an internet service but you can not prove anything else about it.

#4 is hot because it points out that the Does even thou not named do have a right to move to quash records related to them.

#5 Jurisdictional challenge, well played...

#6 BTW the Judge who said ok to these subpoenas left the door open for the ISPs OR the Does to file motions to fxxk off

#7 IP Address is not the same as a fingerprint or DNA... far from it. That is a great attack on the tech challenged Judges, put it in CSI terms. Point out how even the Feds fxxked up using just an IP address.

#8 Point out the sheer number of people who might have done this who are not the Doe, and point out the lawyers can't prove or disprove anyone of them did or did not do it.

#9 Another quote from Judge who hates Steele about how this is abuse of the process because the mere accusation could ruin people if made publicly.

#10 - "The information linked to an IP address cannot give you the identity of the infringer."
O M G it gets amazingly better.... You want to read #10 for yourself.... its amazing.

If this stands... its amazing... it could really be hurtful to these entire shakedown mills if it is accepted by a court.

And if you think these are the champions of truth justice and the American way fighting these evil copyright infringers... I point you to the story over on Torrentfreak about the blind man being sued for downloading porn. Oh he has kids, like 4 and 5, and the trolls are aware hes blind, has an amazing defense, but they are still willing to demand and accept payment from someone they themselves are pretty sure is innocent, just so the blind man can make the case go away.

Re: Re:

photo radar

I always thought this is similar to the idealogical jump when governments introduced photo radar for speeding. From the beginning of the auto industry, the person doing the speeding got the ticket. But with the advent of photo radar, it instead went to the owner of the car. Same logic - we can't prove it was you, but close enough. I'm surprised actually that this has survived as it seems like a rather large logic hole.

Re: photo radar

In B.C. a number of years ago one generous man fought for several years, spent about $100,000 of his own resource, and won in Provincial Supreme Court; Photo Radar was decided as being unconstitutional under the 1982 Canadian Constitution.

Not sure, but I believe the province is still photo~radar free. It was for at least a few years after that case.

OK. Imagine a guy who approached a small store’s owner and said: “You have a very neat shop here, it will be a shame if someone burns it down. But we can protect you, just pay us monthly”. Now this story makes its way to TechDirt and wild discussion erupts. But wait, why we are discussing business owner’s fire alarm system and he way his shop is wired electrically? Why negligence argument pops up and stays throughout the debate. I can understand that good discussion is worth my time: it is enlightening and entertaining. But... do we still remember the forest talking about the trees?

Make it hard, or maybe impossible...

Just encrypt your drive. They can't prove anything other than traffic took place. If they try to force you to decipher the drive, simply state you forgot your password... They may be able to crack it open, but it will probably cost a small fortune in time and money to do it...

These lawyers seem to go after people that either don't know, or barely know what they are doing. I have yet to hear of someone getting sued that was running an encrypted hidden volume or whole drive encryption...

They can jump up and down until they explode, but at the end of the day, they can't prove you don't know your password lol...

Re: Make it hard, or maybe impossible...

I wouldn't give such advice. If a judge is angry he can charge you for contempt of court if you refuse to reveal your password, that happened before. "Forgotten password" is a lame excuse.

I agree that defendants should make trolls' lives difficult as much as possible. There are ways of doing it:

- If you are sure if it is impossible that you have any trace of the file in question and you have many computers/external drives, don't hesitate to offer them all for forensic analysis. One box will cost trolls ~1000. If I I have 8+ PCs and laptops - do the math.

- If you encrypt your drive, use TrueCrypt' hidden drive feature. In short, it is possible to create an "encrypted drive inside encrypted drive", and it is not possible to distinguish the space occupied by such drive from encrypted free space in the first drive. From user prospective it is a drive with 2 passwords - entering one reveals the first drive (and you can hand it over), entering the second reveals the contents of the hidden drive.

Re: Re: Re: Re: Make it hard, or maybe impossible...

That citation does not support the claim made. It makes no mention of "contempt" or of forgetting passwords. In fact, all the government was demanding was the contents of the drive, not the password itself.

Also entertaining and adding to the confusion would be the 2 lawyers who submitted vastly different answers to the concept if someone else used your connection, if the account holder is liable.

More interesting, was the answer by Randazza (we know how much I enjoy his work in this arena).

He said yes, and made the whole stolen car analogy.

But better was him saying that they would then subpoena every person you came into contact with to see if they were the one who infringed.

""Option A: We engage in discovery, seize all of the computers in the house, issue subpoenas to everyone the account holder knows, and start having depositions of everyone who lives in their home and neighborhood. By the time we’re done, we not only will likely have gotten to the bottom of things, we would have flipped the defendant’s entire life upside down. While that might get us somewhere, I prefer not to be that heavy-handed if I can avoid it.""

The sheer joy of Option A lies in how stupid they think Judges are.

Your honor, they got my name by claiming they had positive evidence to prove that I infringed their copyright.

Now we are in the portion where my side looks at the evidence to poke holes in it, and plaintiffs are engaged in a huge fishing expedition designed to annoy anyone I have ever met and to see if they might in fact be the infringer they are seeking. They claimed definitive evidence before this court to get my name in the first place, they seem to be admitting this is not the case.

They have mislead the court about their "evidence", engaged in "settlement negotiations" designed to intimidate and scare me into settling, and now we waste time in court as they decide they need to do actual discovery to make their case.

I'm still amazed by the idea that anyone can say these cases are not cash shakedowns wrapped up in legal wrangling. The fact that Randazza makes a statement publicly that they would have to seek out who the infringer really is goes against what they are telling the courts, that the IP address leads them to the infringing party. But then he holds the belief that account holders are entirely responsible for the actions anyone takes with their account, hacked in or not.

And I have a feeling that in the case you cited, that he is just being punished now for daring to attempt to fight rather than pay up.
I find it very hard for them to prove someone out of the country could access their machine, when you use the lens of - He used BEST BUY to get his computer fixed. This is not the sign of anyone computer savvy.

They could be trying to get the open wifi means your guilty to stick, or trying to run the bill up so they can point out how expensive it can be if you opt to fight rather than just pay them off.
Both of these would make powerful tools in the pay us or else schemes to scare more people into compliance.

When innocent people pay just to make it stop, the law has failed hard.